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AMENDMENTS TO THE CLAIMS 

This listing of claims replaces all prior versions, and listings, of claims in the application: 
Listing of Claims: 

1-23. (Cancelled). 

24. (Currently Amended) In a computer system , the computer system including 
system memory, a processor, and a computer-readable medium, a data store and a method store 
being stored on the computer-readable medium, the data store and the method store arranged 
together in a combined item hierarchy on the computer-readable medium, the data store having 
least one data item that depends from a method in the method store and the method store having 
at least one method that depends from data in the data store, the combined item hierarchy t hat 
includes it e ms stor e d in at l e ast on e volume, the volum e being divided into at l e ast one or more 
non-overlapping security zones, each of the at least one or more non-overlapping security zones 
being defined as a grouping of one or more data items and one or more method items having 
common security rules , e ach it e m r e sid i ng in a non ov e rlapping security zone from among the at 
least on e non overlapping s e curity zone, e ach non ov e rlapping security zone having on e or mor e 
such that principals with administrative right s to items in a non-overlapping security zone can 
treat all the items in the non-overlapping security zone uniformly in accordance with common 
security rules, a method of splitting the one or more non-overlapping security zones into a 
plurality of non-overlapping security zones to facilitate more efficient delegation[[g]] of 
administrative rights to ether— principals for first it e ms included in a main non ov e rlapping 
s ecurity zone includ e d in the at least on e non overlapping s e curity zone , comprising: 

an act of identifying ftest a grouping of data items and method items in the 
combined item hierarchy for which new common security rules are to be enforce d, the 
identified grouping of data items and method items currently included in an existing non- 
overlapping zone from among the one or more non-overlapping zones, existing common 
security rules being enforced within the existing non-overlapping zone, the new common 
security rules differing from the existing common security rules being enforced within 
the existing non-overlapping zone and oth e r it e ms for which common security rules are to 
be maintained independent from the common s e curity rules of th e identified first items 
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residing in a main non overlapping oecurity zone within a volum e comprising a plurality 
of non overlapping security zones ; 

an act of the processor re-configuring the one or more non-overlapping security 
zones so that administrative rights can be delegated at a granularity that is finer than an 
entire database but yet coarse enough so as to not require delegation for each item, 
including: 

an act of splitting the mam- existing non-overlapping security zone into a 
first -new non-overlapping security zone and a remnant of the existing non- 
overlapping security zone, the arrangement of the new non-overlapping security 
zone relative to the remnant of the existing non-overlapping security zone based 
on the location of the identified grouping of data items and method items within 
the combined item hierarchy, the new non-overlapping security zone for 
containing the identified grouping of data items and methods items, the remnant 
of the existing non-overlapping security zone containing at least one data item or 
method item from the existing non-overlapping security zone, containing th e 
identifi e d first it e ms for which common s e curity rules ar e to b e e nforced, a nd a 
r e maining non ov e rlapping main security zon e having the other it e ms having 
common oecurity rules that are not depend e nt upon th e common security rul e s of 
th e first non ov e rlapping security zone such that th e first non ov e rlapping security 
zon e and th e r e maining non overlapping main security zon e s do not ov e rlap with 
any of th e plurality of oth e r non overlapping s e curity zon e s includ e d in the 
volum e , the on e or mor e main principals retaining administrativ e rights for th e 
first non overlapping s e curity zon e and th e r e maining main non overlapping 
security zon e , th e first non overlapping security zon e including the first items and 
th e remaining main non overlapping s e curity zon e including only th e oth e r items 
from th e main non ov e rlapping security zone not includ e d in th e first it e ms, and 
wherein said splitting is restricted in such a way as to prevent overlapping 
between security zones and such that none of the first items and other data items 
and method items from th e main non overlapping security zone are present 
included in more than one security zone wh e n th e main non overlapping s e curity 
zon e is split wherein the security zon e s ther e by hav e a dynamic configurable 
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granularity of it e ms having common security rules ; and 

an act of adjusting data properties of each of the items in the identified 
grouping of data items and method items to represent that the identified grouping 
of data items and method items are contained in the new non-overlapping security 
zone; 

for any principals that had existing administrative rights in the existing non- 
overlapping security zone based on the existing common security rules being enforced in 
the existing non-overlapping security zone at the time the existing non-overlapping zone 
was split, an act of retaining those existing administrative rights in the new non- 
overlapping security zone, including in the identified grouping of data items and methods 
items, subsequent to splitting the existing non-overlapping security zone and subsequent 
to adjusting data properties to represent that the identified grouping of data items and 
methods items are contained in the new non-overlapping security zone; and 

an act of specifying that one or more firs ^additional principals alse-have other 
administrative rights te -in the identified grouping of data items and method items based 
on the new common security rules by specifying that the one or more additional 
principals have the other administrative rights to the new th e first non ov e rlapping 
security zon e containing th e first it e ms, such that th e e ntirety of items in th e first non- 
overlapping security zon e in accordance with the new common security rules, the other 
administrative rights differing from the existing administrative rights n e c e ssarily have the 
common security rul e s . 

25. (Currently Amended) The method of claim 24, wherein specifying the one or 
more first -additional p rincipals is performed by the one or more main principals. 

26. (Currently Amended) The method of claim 24 further comprising wherein the act 
of adjusting data properties of each of the items in the identified grouping of data items and 
method items comprises labeling each of the fifst-items with a security zone enumeration 
corresponding to the first -new non-overlapping security zone. 

27. (Original) The method of claim 24, the administrative rights being security rights. 
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28. (Original) The method of claim 24, the administrative rights being auditing rights. 



Claims 29-32. (Cancelled). 



33. (Cancelled) 
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34. (Currently Amended) A computer program product for use at a computer system, 
£[A]] the computer program product comprising one or more computer-readable storage mediae 
data store and a method stored being stored on the one or more computer-readable storage media, 
the data store and the method store arranged together in a combined item hierarchy on the 
computer-readable medium, the data store having least one data item that depends from a method 
in the method store and the method store having at least one method that depends from data in 
the data store, the combined item hierarchy being divided into one or more non-overlapping 
security zones, each of the one or more non-overlapping security zones being defined as a 
grouping of one or more data items and one or more method items having common security rules 
such that principals with administrative rights to items in a non-overlapping security zone can 
treat all the items in the non-overlapping security zone uniformly in accordance with common 
security rules, the computer-readable storage media also t ha^storing[[e] computer-executable 
instructions that, when executed by a processor, cause the computer system to perform a method 
of splitting the one or more non-overlapping security zones into a plurality of non-overlapping 
security zones to facilitate more efficient delegation[[g]] of administrative rights to other 
principals for first items includ e d in a main non ov e rlapping s e curity zon e included in at least 
one non overlapping s e curity zone , comprising: 

an act of identifying first a grouping of data items and method items in the 
combined item hierarchy for which new common security rules are to be enforce d, the 
identified grouping of data items and method items currently included in an existing non- 
overlapping zone from among the one or more non-overlapping zones, existing common 
security rules being enforced within the existing non-overlapping zone, the new common 
security rules differing from the existing common security rules being enforced within 
the existing non-overlapping zon e and oth e r items for which common security rul e s are to 
be maintained ind e p e ndent from the common security rules of th e id e ntifi e d first it e ms 
residing in a main non ov e rlapping security zon e within a volum e comprising a plurality 
of non overlapping security zon e s, wher e in the s e curity rules comprise an acc e ss control 
list defining th e rights a principal has to th e items in th e security zone associated with the 
s e curity rul e s ; 

an act of the re-configuring the one or more non-overlapping security zones so 
that administrative rights can be delegated at a granularity that is finer than an entire 
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database but yet coarse enoufih so as to not require delegation for each item, including: 

an act of splitting the main -existing non-overlapping security zone into a 
first -new non-overlapping security zon e and a remnant of the existing non- 
overlapping security zone, the arrangement of the new non-overlapping security 
zone relative to the remnant of the existing non-overlapping security zone based 
on the location of the identified grouping of data items and method items within 
the combined item hierarchy, the new non-overlapping security zone for 
containing the identified grouping of data items and methods items, the remnant 
of the existing non-overlapping security zone containing at least one data item or 
method item from the existing non-overlapping security zone, containing the 
identified first it e ms for which common security rules arc to be enforced, and a 
remaining non ov e rlapping main security zon e having th e other it e ms having 
common s e curity rules that ar e not dep e ndent upon th e common security rules of 
the first non ov e rlapping s e curity zon e such that th e first non overlapping security 
zon e and th e r e maining non ov e rlapping main s e curity zones do not ov e rlap with 
any of the plurality of oth e r non ov e rlapping security zon e s includ e d in tho 
volume, the on e or more main principals r e taining administrativ e rights for the 
first non overlapping security zon e and tho remaining main non ov e rlapping 
s e curity zone, th e first non ov e rlapping security zon e including the first it e ms and 
th e r e maining main non ov e rlapping s e curity zon e including only th e other items 
from th e main non overlapping security zon e not included in th e first it e ms, and 
wherein said splitting is restricted in such a way as to prevent overlapping 
between security zones and such that none of the first items and other data items 
and method items from th e main non ov e rlapping security zone are pr e sent 
included in more than one security zone when the main non overlapping s e curity 
zone is split wher e in th e security zones th e reby have a dynamic configurabl e 
granularity of items having common s e curity rules ; and 

an act of adjusting data properties of each of the items in the identified 
grouping of data items and method items to represent that the identified grouping 
of data items and method items are contained in the new non-overlapping security 
zone; 
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for any principals that had existing administrative rights in the existing non- 
overlapping security zone based on the existing common security rules being enforced in 
the existing non-overlapping security zone at the time the existing non-overlapping zone 
was split, an act of retaining those existing administrative rights in the new non- 
overlapping security zone, including in the identified grouping of data items and methods 
items, subsequent to splitting the existing non-overlapping security zone and subsequent 
to adjusting data properties to represent that the identified grouping of data items and 
methods items are contained in the new non-overlapping security zone; and 

an act of specifying that one or more fes ^additional principals also have other 
administrative rights te -in the identified grouping of data items and method items based 
on the new common security rules by specifying that the one or more additional 
principals have the other administrative rights to the new the first non overlapping 
s e curity zon e containing th e first items, such that th e e ntir e ty of it e ms in th e first non- 
overlapping security zon e in accordance with the new common security rules, the other 
administrative rights differing from the existing administrative rights nec e ssarily have the 
common se curity rul e s . 

35. (Cancelled) 

36. (Currently Amended) The method of claim 24^ wherein the existing common 
security rules comprise an access control list defining the rights a principal has to the items in the 
remnant of the existing non-overlapping security zone associat e d with th e security rul e s . 

37. (New) The method of claim 24, wherein the new common security rules comprise 
an access control list defining the rights a principal has to the items in the new non-overlapping 
security zone. 

38. (New) The computer program product of claim 34, wherein specifying the one or 
more additional principals is performed by the one or more main principals. 
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39. (New) The computer program product of claim 34, wherein the act of adjusting 
data properties of each of the items in the identified grouping of data items and method items 
comprises labeling each of the items with a security zone enumeration corresponding to the fet 
new non-overlapping security zone. 

40. (New) The computer program product of claim 34, the administrative rights being 
security rights. 

41 . (New) The computer program product of claim 34, the administrative rights being 
auditing rights. 

42. (New) The computer program product of claim 34, wherein the existing common 
security rules comprise an access control list defining the rights a principal has to the items in the 
remnant of the existing non-overlapping security zone. 

43. (New) The computer program product of claim 34, wherein the new common 
security rules comprise an access control list defining the rights a principal has to the items in the 
new non-overlapping security zone. 
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